How is the COVID-19 crisis impacting your business processes?
I don’t think any of us anticipated a few short weeks ago that the entire structure of our businesses would change so rapidly. As a business owner, it’s hard to anticipate what the next disruption to our business will be. The only thing that we can expect is that it will be something we don’t expect.
While it appears that things are out of control, how can you maintain a level of internal control and safety in the “new” business processes? What fraud risks should we revisit?
Now is a good time to review the following five business processes
1. Employees access to the bank account
If you have employees who have access to your bank accounts now is a good time to review those access rights. Are they fully employed? Are they on-site or working from home? Is the level of access still appropriate given the change in our business during this time?
2. Accounts receivable collections
Each business is impacted differently by the current crisis. Understanding your customers and who is ultimately going to pay us for your products or services is critical.
If your customer base is struggling that has a direct impact on their ability to pay. This may require changes to payment terms or more upfront payments. Some controls around this area involve how credit is granted to customers.
Who in the office is doing collections and making payment terms with customers? What customers do we want to extend some grace to, and which ones are we better off not doing business with currently? Who reviews the accounts receivable aging report? Do we need to review this more often or contact customers before they become delinquent? These are all difficult internal control decisions but now is the right time to address them.
3. Validate Vendor Invoices
Each business is conducting activities differently during this pandemic especially if implementing a remote work schedule. If your business is receiving invoices electronically, now is a good time to pay close attention and ask yourself a few questions before paying a vendor: Is this a reoccurring expense or a typical vendor for your business? Does anything on the invoice look unusual? Are there handwritten notes? Is anything crossed out? Does the spacing and/or type size look off? Is the invoice balance larger than usual?
Every business should be analyzing their invoices regularly and employees should increase their skepticism when receiving electronic copies for review. Electronic copies are easy to manipulate and tamper with. Make sure everyone is confident that the invoice and vendor information is accurate before submitting payments.
4. Review Expense Reimbursements
Does your company typically reimburse employees for expenses incurred such as travel, meals and entertainment, parking fees, etc.? If so, now is a great time to decide if employees should be incurring their usual expenses. If your employees are working remotely, they probably shouldn’t have any mileage, tolls, parking fees, or meals and entertainment expenses. Each business will be different but now would be a good time to increase review and inquiry around reimbursements.
5. IT Controls
During this pandemic, many employees are working remotely or practicing social distancing which has a big impact on IT controls. The volume number of emails or electronic communications is increasing. Employees are using their at-home networks or resources. Are employees internet connections secure, are they using computers that have proper security, virus protection, etc.?
Send out reminders to all employees to analyze and review emails before clicking on any links, attachments, etc. Have them consider the following: Does the email address look correct and does it match the sender’s name? If it’s from a co-worker, are they requesting you to do something out of the ordinary? Were you expecting an email from an outside person?
If something looks suspicious, it should be sent to your IT professional. If an employee receives and unusual email from a co-worker or a person they know and trust, contact them to ensure it isn’t a scam.
Make sure your employees are aware of the company’s procedures surrounding IT and also communicate the potential risks this may cause if the company is a victim of scamming.
Whenever you change an internal process review it for proper segregation of duties. Can one person initiate, process, approve, and reconcile the same transaction and maintain proper oversight?
Avoid unnecessary risks
Holes in these areas can expose a company to unnecessary risks during hard times. If you need any help or want to discuss your controls during this time get in touch with us.
by Jessica Norris and KayTe Shetler